DrayTek has launched security updates for a number of router fashions to handle 14 vulnerabilities of various severity, together with a distant code execution flaw that obtained the utmost CVSS rating of 10.
The failings, which Forescout Analysis – Vedere Labs found, affect each actively supported and fashions which have reached end-of-life. Nevertheless, because of the severity, DrayTek has supplied fixes for routers in each classes.
The researchers warned that their scans revealed that roughly 785,000 DrayTek routers is perhaps weak to the newly found set of flaws, with over 704,500 having their internet interface uncovered to the web.
Vulnerability particulars
Most vulnerabilities found by Vedere Labs are medium-severity buffer overflow and cross-site scripting issues dictated by a number of exploitation necessities.
Nevertheless, 5 of the issues carry important dangers, requiring rapid consideration. These are summarized as follows:
- FSCT-2024-0006: A buffer overflow vulnerability within the “GetCGI()” operate, chargeable for dealing with HTTP request knowledge, which may result in denial of service (DoS) or distant code execution (RCE). (CVSS rating: 10.0)
- FSCT-2024-0007: Command Injection in OS Communication – The “recvCmd” binary used for communication between the host and visitor working techniques is weak to command injection assaults, probably permitting VM escape. (CVSS rating: 9.1)
- FSCT-2024-0014: The net server backend makes use of a static string to seed the pseudo-random quantity generator (PRNG) in OpenSSL for TLS connections, which might result in info disclosure and man-in-the-middle (MiTM) assaults. (CVSS rating: 7.6)
- FSCT-2024-0001: The usage of similar admin credentials throughout your complete system can result in full system compromise if these credentials are obtained. (CVSS rating: 7.5)
- FSCT-2024-0002: An HTML web page within the Net UI improperly handles enter, permitting for mirrored XSS vulnerabilities. (CVSS rating: 7.5)
As of but, there have been no studies of lively exploitation of those flaws, and the publication of analytical particulars has been withheld to permit customers sufficient time to use the security updates.
The above flaws affect 24 router fashions, of which 11 have reached the top of life but nonetheless obtained fixes.
The impacted fashions and goal firmware variations to improve to may be seen within the desk beneath.
Customers might obtain the newest firmware for his or her machine mannequin from DrayTek’s official obtain portal.
Over 700,000 DrayTex gadgets uncovered on-line
Verdere Labs studies that it discovered over 704,500 gadgets have the DrayTek Vigor Net person interface uncovered to the web, although it ought to solely be accessible from a neighborhood community.
Practically half of the gadgets beneath Forescout’s direct visibility are positioned in the USA, however Shodan outcomes present important numbers in the UK, Vietnam, the Netherlands, and Australia.
Supply: Verdere Labs
Aside from making use of the newest firmware updates, customers are really helpful to take the next actions:
- Disable distant entry if not wanted, and use an entry management listing and two-factor authentication when lively.
- Verify settings for arbitrary alterations or the addition of admin customers or distant entry profiles.
- Disable SSL VPN connections via port 443.
- Allow syslog logging to observe for suspicious occasions.
- Allow auto-upgrade to HTTPs pages in your internet browser.
All DrayTek customers ought to affirm that their machine’s distant entry console is disabled, as exploits and brute power assaults generally goal these providers.
